Remarks 

The above Amendments and these Remarks are in reply to the Office Action mailed 
October 15, 2007. A Petition for Extension of Time is submitted herewith, together with the 
appropriate fee. 

I. Summary of Examiner's Rejections 

Prior to the Office Action mailed April 10, 2007, Claims 57-58, 63-64, 72-73, 81-82 and 
90-95 were pending in the Application. In the Office Action, Claims 57-58, 63-64, 72-73, 81-82 
and 90-95 were rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the 
written description requirement. Claims 57, 63, 72, and 81 were rejected under 35 U.S.C. 
103(a) as being unpatentable over Brownlie et al. (U.S. Patent No. 6,202,157, hereinafter 
Brownlie) in view of Birnbaum (U.S. Patent No. 5,797,128, hereinafter Birnbaum) in view of 
Guedalia et al. (U.S. Patent No. 6,148,333, hereinafter Guedalia) and further in view of 
Archibald et al. (U.S. Patent No. 5,825,883, hereinafter Archibald). Claims 58, 64, 73, and 82 
were rejected under 35 U.S.C. 103(a) as being unpatentable over the modified Brownlie, 
Birnbaum, Guedalia and Archibald system, and further in view of Luckenbaugh (U.S. Patent No. 
5,991,887, hereinafter Luckenbaugh). Claims 91, 93, and 95 were rejected under 35 U.S.C. 
103(a) as being unpatentable over the modified Brownlie, Birnbaum, Guedalia, Archibald and 
Luckenbaugh system as applied to claims 90, 92, and 94 above, and further in view of 
Balassanian (U.S. Patent No. 6,324,685, hereinafter Balassanian). Claims 57, 58, 63, 64, 72, 
73, 81, and 82 were provisionally rejected on the ground of nonstatutory obviousness-type 
double patenting as being unpatentable over Claims 1, 6, 11, 16, and 21 of copending 
Application No. 11/171,104 in view of Guedalia. Claims 90, 92, and 94 were provisionally 
rejected on the ground of nonstatutory obviousness-type double patenting as being 
unpatentable over Claims 1, 11, and 21 of copending Application No. 11/171,104 in view of 
Guedalia and Archibald as applied above and further in view of Luckenbaugh. Claims 91, 93, 
and 95 were provisionally rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over Claims 90, 92, and 94 of copending Application No. 
11/171,104 in view of Guedalia, Archibald and Luckenbaugh as applied above and further in 
view of Balassanian. 

II. Summary of Applicant's Amendment 

The present Response amends Claims 57, 63, 72 and 81, leaving for the Examiner's 
present consideration Claims 57, 58, 63, 64, 72, 73, 81, 82 and 90-95. Reconsideration of the 
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Application, as amended, is respectfully requested. Applicant respectfully reserves the right to 
prosecute any originally presented or canceled claims in a continuing or future application. 

III. Claim Rejections under 35 U.S.C. § 112 

In the Office Action mailed October 15, 2007, Claims 57-58, 63-64, 72-73, 81-82 and 90- 
95 were rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written 
description requirement. More specifically, the limitation that "the local security policy is created 
by selecting a subset of the rules defined in the global security policy" was rejected as not 
having been supported by the specification. Rather, it was proposed that at best, the 
specification defines the local policy being derived form the global policy, in other words the 
local policy further defines the global policy." 

Applicant respectfully disagrees with this characterization. Claim 57 has been amended 
to more precisely match the language in the specification. As amended, Claim 57 defines that 
the local policy is derived by determining which of the plurality of rules of the global security 
policy are applicable to a particular application guard such that the local security policy contains 
a fewer number of rules than said global security policy. Support for these limitations can be 
found on pages 25, 28 as well as other portions of the Specification as filed. For example, see 
"optimizer... determines which application guard needs to receive which policy rules" (p. 25) and 
"only distributes attributes relevant to that application guard 310 so that access requests may be 
evaluated by reviewing only a few rules rather than frequently analyzing the potentially large 
policy rule base." (p. 28). 

Accordingly, Applicant respectfully submits that the local policy does not further define 
the global policy as proposed by the Examiner. On the contrary, the local security policy 
contains only those rules which are applicable to the particular application guard. As such, it 
clearly contains fewer rules than the global policy, rather than further defining more rules. 
Reconsideration of this rejection is respectfully requested. 

IV. Claim Rejections under 35 U.S.C. § 103(a) 

In the Office Action mailed October 15, 2007, Claims 57, 63, 72, and 81 were rejected 
under 35 U.S.C. 103(a) as being unpatentable over Brownlie et al. (U.S. Patent No. 6,202,157, 
hereinafter Brownlie) in view of Birnbaum (U.S. Patent No. 5,797,128, hereinafter Birnbaum) in 
view of Guedalia et al. (U.S. Patent No. 6,148,333, hereinafter Guedalia) and further in view of 
Archibald et al. (U.S. Patent No. 5,825,883, hereinafter Archibald). Claims 58, 64, 73, and 82 
were rejected under 35 U.S.C. 103(a) as being unpatentable over the modified Brownlie, 
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Birnbaum, Guedalia and Archibald system, and further in view of Luckenbaugh (U.S. Patent No. 
5,991,887, hereinafter Luckenbaugh). Claims 91, 93, and 95 were rejected under 35 U.S.C. 
103(a) as being unpatentable over the modified Brownlie, Birnbaum, Guedalia, Archibald and 
Luckenbaugh system as applied to claims 90, 92, and 94 above, and further in view of 
Balassanian (U.S. Patent No. 6,324,685, hereinafter Balassanian). Claims 57, 58, 63, 64, 72, 
73, 81, and 82 were provisionally rejected on the ground of nonstatutory obviousness-type 
double patenting as being unpatentable over Claims 1, 6, 11, 16, and 21 of copending 
Application No. 11/171,104 in view of Guedalia. Claims 90, 92, and 94 were provisionally 
rejected on the ground of nonstatutory obviousness-type double patenting as being 
unpatentable over Claims 1, 11, and 21 of copending Application No. 11/171,104 in view of 
Guedalia and Archibald as applied above and further in view of Luckenbaugh. Claims 91, 93, 
and 95 were provisionally rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over Claims 90, 92, and 94 of copending Application No. 
11/171,104 in view of Guedalia, Archibald and Luckenbaugh as applied above and further in 
view of Balassanian. 



The present Response hereby amends Claim 57 so as to more clearly define the 
embodiment therein. As amended, Claim 57 defines: 

57. A system for maintaining security in a distributed computing environment, 
comprising: 

a policy manager located on a server for: 

creating a local security policy derived from a global security policy, said 
global security policy including a plurality of rules applicable to 
all application guards in the system, wherein creating the local 
security policy includes determining which of the plurality of rules 
of the global security policy are applicable to a particular 
application guard such that the local security policy contains a 
fewer number of rules than said global security policy; and for 
distributing the local security policy to said client wherein the local 
security policy includes the rules customized to the application 
guard, said rules including a set of grant rules that allow access to 
securable components and a set of deny rules that prevent access 
to said securable components; and 
an application guard located at the client for managing access by individual 
transactions to securable components at a client level as specified by the 
local security policy, the securable components including at least one 
application wherein said application guard is integrated into said 
application and controls access to the application with which the 
application guard is integrated; 
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wherein the application guard receives an authorization request including a 
subject, an object and a privilege and evaluates said request by matching 
the rules received from the policy manager to said subject, said object 

and said privilege in order to control access to said application integrated 
with the application guard. 

As amended, Claim 57 defines a policy manager that creates a local security policy and 
distributes it to each application guard located on the clients. The local security policy is created 
by deriving it from the global security policy. More specifically, the local security policy is created 
by determining which rules of the global policy apply to which application guard and selecting 
those rules for the customized local policy. Thus, the local security policy contains a fewer 
number of rules than the global security policy. Once the application guard receives the 
distributed custom local security policy, it uses it to control access to individual transactions. 

One of the advantages of this functionality is that access requests at each application 
guard can be evaluated by reviewing only a few rules, rather than frequently analyzing the 
potentially large policy rule database (Specification, page 28). Thus, a smaller, customized and 
local security policy is enabled for each application guard. 

Claim 57 has been rejected over Brownlie, in view of Birnbaum, in view of Guedalia and 
further in view of Archibald (hereinafter the cited references). Applicant respectfully traverses. 

The cited references fail to disclose any local security policy and global security policy, 
as defined in amended Claim 57. More specifically, the cited references fail to disclose that the 
local security policy is created by determining which of the plurality of rules of the global security 
policy are applicable to a particular application guard, such that the local security policy contains 
a fewer number of rules than the global security policy. 

In the Office Action, Birnbaum was newly cited as disclosing such global and local 
policies on column 5 line 41 through column 6, line 5. However, as amended, Claim 57 is 
different from the Birnbaum disclosure. The cited portion of Birnbaum appears to describe a 
hierarchical policy structure. For example, the policy groups B and C are children of policy group 
A and therefore these groups "must follow the policies of in Policy Group A in addition to their 
locally defined policies." (col. 5, lines 60-64). This appears to be a standard hierarchical 
relationship where one entity inherits the attributes of another, and further defines additional 
attributes. However, this form of hierarchy is quite different from a local security policy derived 
from the global policy and which contains a fewer number of rules than the global policy, as 
defined in amended Claim 57. On the contrary, the child policy described in Birnbaum would 
appear to have a greater number of policies than its parent because it "must follow" the policies 
of its parent, in addition to its own. 
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Furthermore, there is no disclosure whatsoever in the cited references of determining 
which rules of the global policy are applicable to a particular application guard , as defined in 
amended Claim 57. This feature allows the local policy to have a selectively customized set of 
rules for each application guard by analyzing the global policy set of rules and making 
determinations. None of the cited references analyze the rules of any global policy in this 
manner. Accordingly, there is no disclosure of this functionality of amended Claim 57. 

In addition, it is also respectfully noted that Applicant disagrees with the Examiner's 
conclusion of obviousness of the claims in the present Application. In the Office Action, the case 
In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971) was cited for the proposition 
that "any judgment on obviousness is in a sense necessarily a reconstruction based upon 
hindsight reasoning. But so long as it takes into account only knowledge which was within the 
level of ordinary skill at the time the claimed invention was made, and does not include 
knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper." (Office 
Action, page 11). However, the conclusion of obviousness precisely the type of improper 
reconstruction contemplated by this case, because it does indeed include "knowledge gleaned 
only from the applicant's disclosure." In the Office Action, 4-6 references, otherwise largely 
unrelated, have been combined based on the specification of the present Application in order to 
disclose the various portions of the features in the claims and the specification. Because such a 
reconstruction relies on the problem/solution described in the present Specification, it does 
indeed include knowledge gleaned from the applicant's disclosure and therefore is 
impermissible. 

Furthermore, many of the cited references do not relate to the technical art of 
maintaining computer security, which is the subject matter of the features defined in the claims 
of the present application. For example, Rogers deals with monitoring changes in network state, 
while Archibald deals with accounting applications. As such, neither of these references is a 
reference that "because of the matter with which it deals, logically would have commended itself 
to an inventor's attention in considering his problem." Wang Lab. 993 F.2d 858; State 
Contracting & Eng'g, 346 F.3d 1057. Accordingly, it would not have been obvious to combine 
these references, as proposed in the Office Action. 

In view of the above comments, Applicant respectfully submits that Claim 57, as 
amended, is neither anticipated by, nor obvious in view of the cited references, and 
reconsideration thereof is respectfully requested. 
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Claims 63, 72 and 81 

Claims 63, 72 and 81, while independently patentable, recite limitations that, similarly to 
those described above with respect to claim 57, are not taught, suggested nor otherwise 
rendered obvious by the cited references. Reconsideration thereof is respectfully requested. 

Claims 58, 64, 73, 82 and 90-95 

Claims 58, 64, 73, 82 and 90-95 are not addressed separately, but it is respectfully 
submitted that these claims are allowable as depending from an allowable independent claim, 
and further in view of the comments provided above. Applicant respectfully submits that Claims 
58, 64, 73, 82 and 90-95 are similarly neither anticipated by, nor obvious in view of the cited 
references, and reconsideration thereof is respectfully requested. 

It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant respectfully reserves the right to argue these limitations 
should it become necessary in the future. 

V. Provisional Double Patenting Rejections 

In the Office Action mailed October 15, 2007, Claims 57, 58, 63, 64, 72, 73, 81, and 82 
were provisionally rejected on the ground of nonstatutory obviousness-type double patenting as 
being unpatentable over Claims 1, 6, 11, 16, and 21 of copending Application No. 11/171,104 in 
view of Guedalia. Claims 90, 92, and 94 were provisionally rejected on the ground of 
nonstatutory obviousness-type double patenting as being unpatentable over Claims 1,11, and 
21 of copending Application No. 11/171,104 in view of Guedalia and Archibald as applied above 
and further in view of Luckenbaugh. Claims 91, 93, and 95 were provisionally rejected on the 
ground of nonstatutory obviousness-type double patenting as being unpatentable over Claims 
90, 92, and 94 of copending Application No. 11/171,104 in view of Guedalia, Archibald and 
Luckenbaugh as applied above and further in view of Balassanian. 

Applicant respectfully submits that a proper terminal disclaimer was previously filed on 
September 10, 2007. Because the present Application is commonly owned with the co-pending 
Application No. 1 1/171,104, the terminal disclaimer properly overcomes the nonstatutory double 
patenting rejection. Reconsideration thereof is respectfully requested. 

VI. Conclusion 

In view of the above amendments and remarks, it is respectfully submitted that all of the 
claims now pending in the subject patent application should be allowable, and reconsideration 
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thereof is respectfully requested. The Examiner is respectfully requested to telephone the 
undersigned if he can assist in any way in expediting issuance of a patent. 

Enclosed is a PETITION FOR EXTENSION OF TIME UNDER 37 C.F.R. § 1.136 for 
extending the time to respond up to and including February 15, 2008. 

The Commissioner is authorized to charge any underpayment or credit any overpayment 
to Deposit Account No. 06-1325 for any matter in connection with this response, including any 
fee for extension of time, which may be required. 



Respectfully submitted, 



Date: February 15, 2008 By: /Justas Gerinqson/ 

Justas Geringson 
Reg. No. 57,033 

Customer No.: 23910 
FLIESLER MEYER LLP 
650 California Street, 14 th Floor 
San Francisco, California 94108 
Telephone: (415)362-3800 
Fax: (415)362-2928 
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